arashi: init postgres + redis

2023-06-18 17:35:07 -04:00 · 2023-06-18 17:35:07 -04:00 · 3204926031
commit 3204926031
parent 0f9a27057f
5 changed files with 48 additions and 3 deletions
--- a/hosts/arashi/default.nix
+++ b/hosts/arashi/default.nix
@ -1,6 +1,7 @@
 {...}: {
  imports = [
    ./hardware-configuration.nix
+    ./services
    ../../modules
  ];

--- a/hosts/arashi/hardware-configuration.nix
+++ b/hosts/arashi/hardware-configuration.nix
@ -1,7 +1,5 @@
 {
-  config,
  lib,
-  pkgs,
  modulesPath,
  ...
 }: {
@ -19,6 +17,11 @@
    fsType = "ext4";
  };

+  fileSystems."/nas" = {
+    device = "192.168.1.71:/volume1/arashi";
+    fsType = "nfs";
+  };
+
  swapDevices = [
    {device = "/dev/disk/by-uuid/e9eb4b6a-e9a1-4616-8c82-349d2f38d140";}
  ];
--- a/hosts/arashi/services/default.nix
+++ b/hosts/arashi/services/default.nix
@ -1,5 +1,5 @@
 _: {
  imports = [
-    ./traefik.nix
+    ./postgresql.nix
  ];
 }
--- a/hosts/arashi/services/postgresql.nix
+++ b/hosts/arashi/services/postgresql.nix
@ -0,0 +1,41 @@
+{
+  pkgs,
+  lib,
+  ...
+}: {
+  networking.firewall.allowedTCPPorts = [5432];
+  services.postgresql = {
+    enable = true;
+    enableTCPIP = true;
+    package = pkgs.postgresql_14;
+    port = 5432;
+    settings = {
+      listen_addresses = lib.mkForce "*";
+    };
+    authentication = ''
+      local all all trust
+      host replication all 127.0.0.1/32 trust
+      host all all all trust
+    '';
+    ensureUsers = [
+      {
+        name = "postgres";
+        ensurePermissions = {
+          "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
+        };
+      }
+      {
+        name = "hedgedoc";
+        ensurePermissions."DATABASE hedgedoc" = "ALL PRIVILEGES";
+      }
+      {
+        name = "forgejo";
+        ensurePermissions."DATABASE forgejo" = "ALL PRIVILEGES";
+      }
+    ];
+    ensureDatabases = [
+      "forgejo"
+      "hedgedoc"
+    ];
+  };
+}
--- a/hosts/arashi/services/redis.nix
+++ b/hosts/arashi/services/redis.nix